International Standardization Council

Minutes from the ISC Meeting Held Thursday February 20, 2025


    Posted Feb 20, 2025 09:45:00 AM
    Meeting summary for International Standards Council (ISC) Recurring Meeting (02/20/2025)
    Date: Thursday, 20th February 2025, 09:58-10:55 GMT-06:00
    Attendees: John DiMaria, Eric Hibbard (Samsung), R. Murthy, Mithilesh Ramaswamy, Madhav Chablani
    Quick recap
    The meeting focused on the Industry Standards Council (ISC) working group and the CSA community, with discussions on organizational changes, the need for a new chairperson, and the urgency of submitting liaison reports. The team also explored the potential of creating an AI agent for document management and standardization, and the development of a prototype tool to assist in standardizing terms and abbreviations in documents. Lastly, they discussed the possibility of posting draft ISO documents in the community, the development of a new credential in artificial intelligence auditing, and the potential for this credential to be associated with the OCF initiative.
    Next steps
    • Eric to post SC 27 and SC 38 project dumps in the ISC community library documents.
    • Eric to work with Mithilesh on developing an AI tool prototype for cross-checking CSA documents against ISO standards.
    • Mithilesh to create and demonstrate an AI tool prototype at the next meeting.
    • John to post notification about the AI tool demo for the next month's meeting. - Noted in these minutes
    • John to post the latest draft of the ISC charter in the community space. - In these minutes (see hyperlink)
    • Eric to track down the category A liaison package for SC 27 and SC 38.
    • John to investigate the ISACA AI auditing credential initiative.
    • Eric to forward the ISACA AI auditing credential email to John. - DONE
    Summary
    ISC Working Group and Liaison Reports
    John and Eric discuss the current state of the Industry Standards Council (ISC) working group and CSA community. John mentions recent organizational changes, including his new role as Chief of Staff for CSA and the merger of the CTO group and research group into R&D. They address the need to find a new chairperson for the ISC working group and the importance of maintaining the group's momentum. Eric brings up the urgent matter of submitting liaison reports for SC 27 and SC 38 meetings next month, and they discuss the process of establishing a liaison with SC 42, which may require preparing and submitting a formal package for approval.
    Cloud Computing Security Initiatives
    Eric discussed his involvement in various projects, particularly those related to cloud computing security. He mentioned his work with the US Mirror Committee and the IEEE Society's cybersecurity, privacy standards committee. He also talked about a new initiative focusing on cybersecurity sustainability and its connection to the United Nations' Sustainable Development Goals. Eric highlighted the work of the IEEE's Cloud Computing Standards Committee, including a new work item proposal for trustworthiness in cloud and another on networking and cloud computing at the edge. He also mentioned his role as the editor for a project related to amendments to the 19086 series. John agreed to record the update and suggested that Eric could post the details in the community space or update the project dumps.
    AI Agents and Document Management
    In the meeting, Eric and John discussed updating information on the community page and posting about ongoing projects. They also discussed the potential for the CSA to collaborate with SC 42 on AI activity and the possibility of an AI agent for document management. Mithilesh brought up the idea of creating AI agents for document handling and standardization, which Eric and John agreed to discuss further. The conversation ended with the scheduling of a follow-up discussion on these topics and the consideration of creating an AI agent for document management.
    Creating AI for Document Standards
    Mithilesh proposed the creation of an AI agent that could analyze documents for potential mismatches with standards. John agreed, noting that this could be useful for aligning with a standard or referencing one. Mithilesh suggested that the AI could check if any terms used in a document were not in the standard, and could also ensure that new documents adhere to specific standards. Eric mentioned that there are companies that have taken international standards, particularly in the area of security and privacy, and have developed tools to identify controls. He also mentioned a technique called normalized controls that could consolidate a list of standards. The team agreed that there is work being done in this area and that it could be beneficial for their project.
    Prototype Tool for Standardizing Terms
    Mithilesh proposed creating a prototype tool to assist in standardizing terms and abbreviations in documents. He suggested that the tool could highlight areas where standardized terms or abbreviations should be used, and could be created within a few days. Eric and John agreed that the prototype could be interesting and potentially useful, and suggested that they could provide documents for Mithilesh to work with. They also discussed the possibility of using the Cloud Controls Matrix (CCM) as a reference, but noted that it maps to many different standards, which could be a challenge.
    Exploring Tool for Updated Project References
    Eric proposed a tool that could be used to cross-check project references against updated versions, which Mithilesh agreed to explore. The tool could be particularly useful in the context of the Cloud Security Alliance (CSA), where outdated references still exist. Eric suggested that the tool could be utilized to provide precise feedback to work group owners on the need to update references. Mithilesh confirmed that he would have a demonstration ready in a few days. Eric agreed to send Mithilesh the necessary data for the tool, highlighting the importance of having reasonably updated versions of the project dumps. The team is considering working with Mithilesh on this initiative, with Eric and Mithilesh planning to discuss further in their next meeting.
    ISO Document Posting and Tracking
    Eric and John discussed the possibility of posting draft ISO documents in the community, seeking comments. They decided to hold off on this due to potential intellectual property issues. Instead, they agreed to focus on other activities. John offered to post a link to the latest draft of the charter for approval next month. Eric suggested he could access the document if it was in a Google Docs format. They also discussed the possibility of tracking down a liaison package.
    New AI Auditing Credential Development
    Eric and John discussed a new credential in artificial intelligence auditing, which is being developed by a community that includes individuals with certifications like CISA and CPA. Eric, who holds a CISA, was asked to be a beta tester for this new credential. John was not aware of this initiative but mentioned that CSA is considering developing a credential for AI safety initiatives. They also discussed the potential for this new credential to be associated with the OCF initiative, specifically the development of a scheme and certification mechanism for AI. John mentioned that an audit scheme for AI is being developed, which will be closely aligned with 42001.
    Beta Testing Opportunity and AI Standards
    John and Eric discuss an email Eric received about a beta testing opportunity for auditors, possibly related to AI standards. They agree it could be interesting and potentially align with their current efforts. John requests Eric to forward the email for further investigation. They also mention action items from the meeting, including working on a demo with Mithilesh, updating the group on AI initiatives and standards, and finalizing the charter approval process. The meeting concludes with John summarizing the tasks for the upcoming month.
    ISC Charter: ISC Council WG Charter 2023 (1).docx


    ------------------------------
    JOHN DIMARIA
    ME
    CSA
    ------------------------------